Skip to content

[Snyk] Security upgrade rxdb from 9.19.0 to 14.0.0 #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade rxdb from 9.19.0 to 14.0.0 #10

wants to merge 1 commit into from

Conversation

tfSheol
Copy link
Owner

@tfSheol tfSheol commented Mar 26, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 591/1000
Why? Recently disclosed, Has a fix available, CVSS 6.1		 Open Redirect
SNYK-JS-EXPRESS-6474509		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: rxdb The new version differs by 250 commits.
  • db0f9b0 14.0.0
  • 167a42f BUILD
  • c24b777 FIX ci
  • fcb9ac4 UPDAte 14 anouncement
  • 0184ae3 FIX typos
  • 03ab78e Merge branch 'master' of https://github.com/pubkey/rxdb
  • 938517c ADD(docs) page for node.js database
  • c8094b9 Update dependency expo-cli to v6.3.0 (#4411)
  • 25087e5 Update typescript-eslint monorepo to v5.51.0 (#4408)
  • e2be395 Update dependency electron to v23 (#4410)
  • a429f49 Update dependency vite-plugin-top-level-await to v1.2.4
  • b989881 Update socket.io packages to v4.6.0
  • 5aed9c6 14.0.0-beta.42
  • 298fccc ADD(changelog) #4406
  • 86d6ee9 Add null check for isRxDocument (#4406)
  • ad8bc40 Feature/replication initial checkpoint (#4404)
  • 3a77063 Update dependency karma-sourcemap-loader to v0.4.0
  • ed86bac Update BACKLOG.md
  • 0f0c1e9 Update BACKLOG.md
  • 1d92b29 Update dependency rollup to v3.14.0
  • 8b6f54a Update dependency @ types/node to v18.11.19
  • a3dc0ae FIX types
  • b3d66d8 Update dependency firebase to v9.17.1
  • 4cad72f Update dependency @ types/express to v4.17.17

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tfSheol @snyk-bot